finally have a working matrix set up

homes/x86_64-linux/chris@manwe/default.nix

@@ -35,7 +35,7 @@
       bitwarden.enable = true;
       discord.enable = true;
       ladybird.enable = true;
-      nheko.enable = true;
+      matrix.enable = true;
       obs.enable = true;
       onlyoffice.enable = true;
       signal.enable = true;

modules/home/application/matrix/default.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, namespace, osConfig ? {}, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.application.matrix;
+in
+{
+  options.${namespace}.application.matrix = {
+    enable = mkEnableOption "enable Matrix client (Fractal)";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [ fractal ];
+  };
+}

modules/home/application/nheko/default.nix

@@ -1,15 +0,0 @@
-{ config, lib, pkgs, namespace, osConfig ? {}, ... }:
-let
-  inherit (lib) mkIf mkEnableOption;
-
-  cfg = config.${namespace}.application.nheko;
-in
-{
-  options.${namespace}.application.nheko = {
-    enable = mkEnableOption "enable nheko (matrix client)";
-  };
-
-  config = mkIf cfg.enable {
-    home.packages = with pkgs; [ nheko ];
-  };
-}

modules/nixos/services/communication/conduit/default.nix

@@ -16,17 +16,25 @@ in
     #   virtualisation.podman.enable = true;
     # };
 
+    networking.firewall.allowedTCPPorts = [ 4001 8448 ];
+
     services = {
       matrix-conduit = {
         enable = true;
 
         settings.global = {
-          address = "::1";
+          address = "::";
           port = 4001;
 
-          database_backend = "rocksdb";
+          server_name = "matrix.kruining.eu";
 
-          server_name = "chris-matrix";
+          database_backend = "rocksdb";
+          # database_path = "/var/lib/matrix-conduit/";
+
+          allow_check_for_updates = false;
+          allow_registration = false;
+
+          enable_lightning_bolt = false;
         };
       };
 
@@ -43,11 +51,25 @@ in
 
       caddy = {
         enable = true;
-        virtualHosts = {
+        virtualHosts = let
-          ${domain}.extraConfig = ''
+          inherit (builtins) toJSON;
-            # import auth-z
 
-            # reverse_proxy http://127.0.0.1:5002
+          server = {
+            "m.server" = "${domain}:443";
+          };
+          client = {
+            "m.homeserver".base_url = "https://${domain}";
+            "m.identity_server".base_url = "https://auth.amarth.cloud";
+          };
+        in {
+          "${domain}".extraConfig = ''
+            header /.well-known/matrix/* Content-Type application/json
+            header /.well-known/matrix/* Access-Control-Allow-Origin *
+            respond /.well-known/matrix/server `${toJSON server}`
+            respond /.well-known/matrix/client `${toJSON client}`
+
+            reverse_proxy /_matrix/* http://::1:4001
+            # reverse_proxy /_synapse/client/* http://::1:4001
           '';
         };
       };